The primary objective of computer security is to protect data from being accessed by those who are not authorized to access it. Data encryption, file ownership, access privileges are effective mechanisms against causal or inadvertent access by unauthorized users, but malware that is able to access data at the owner or highest (kernel or root) privilege can circumvent encryption or ownership schemes. Computing devices use filter drivers at the disk, volume, and file system levels to create and enforce data protection schemes, and similar approaches have been undertaken with virtual computing systems. Virtual storage systems provide additional challenges, however, since they lack the physical protections that can be employed with hardware-based storage.
The instant disclosure, therefore, identifies and addresses a need for improved systems and methods for selectively masking data on a virtual storage device.